Metadata
Name: GitHoundDisplay Name: GitHub (GitHound)
Version: v1.0.0
Namespace: GH
Environment Kind: GH_Organization
Source Kind: GitHub
This file is automatically generated from the schema.json file
that is bundled with GitHub (GitHound).
Nodes
| Icon | Node Kind | Display Name |
|---|---|---|
 | GH_App | GitHub App |
 | GH_AppInstallation | GitHub App Installation |
 | GH_Branch | GitHub Branch |
 | GH_BranchProtectionRule | GitHub Branch Protection Rule |
 | GH_Environment | GitHub Environment |
 | GH_EnvironmentSecret | GitHub Environment Secret |
 | GH_EnvironmentVariable | GitHub Environment Variable |
 | GH_ExternalIdentity | GitHub External Identity |
 | GH_Organization | GitHub Organization |
 | GH_OrgRole | GitHub Org Role |
 | GH_OrgSecret | GitHub Org Secret |
 | GH_OrgVariable | GitHub Org Variable |
 | GH_PersonalAccessToken | GitHub Personal Access Token |
 | GH_PersonalAccessTokenRequest | GitHub Personal Access Token Request |
 | GH_RepoRole | GitHub Repo Role |
 | GH_RepoSecret | GitHub Repo Secret |
 | GH_Repository | GitHub Repository |
 | GH_RepoVariable | GitHub Repo Variable |
 | GH_SamlIdentityProvider | GitHub SAML Identity Provider |
 | GH_SecretScanningAlert | GitHub Secret Scanning Alert |
 | GH_Team | GitHub Team |
 | GH_TeamRole | GitHub Team Role |
 | GH_User | GitHub User |
 | GH_Workflow | GitHub Workflow |
Edges
| Relationship Kind | Traversable | Description |
|---|---|---|
| GH_AddAssignee | ❌ | [Repository] Repo role can assign users to issues and pull requests |
| GH_AddCollaborator | ❌ | [Organization] Org role can add outside collaborators |
| GH_AddLabel | ❌ | [Repository] Repo role can add labels to issues and pull requests |
| GH_AddMember | ✅ | Team role can add members to the team (maintainer privilege) |
| GH_AdminTo | ❌ | [Repository] Repo role has admin access to the repository. |
| GH_BypassBranchProtection | ❌ | [Repository] Repo role can bypass merge-gate branch protections (PR reviews, lock branch). Suppressed by enforce_admins. |
| GH_BypassPullRequestAllowances | ❌ | User or team can bypass pull request requirements on a branch protection rule |
| GH_CanAccess | ❌ | Personal access token or app installation can access this repository or organization |
| GH_CanAssumeIdentity | ✅ | Repository can assume this cloud identity via OIDC federation (Azure workload identity or AWS IAM role) |
| GH_CanCreateBranch | ✅ | [Repository - Computed] Role can create new branches in this repository (unprotected branches that bypass the merge gate) |
| GH_CanEditProtection | ✅ | [Repository - Computed] Repo role can modify or remove the branch protection rules governing this branch (computed from GH_EditRepoProtections + GH_ProtectedBy) |
| GH_CanReadSecretScanningAlert | ✅ | [Computed] Role can read secret scanning alerts (computed from GH_ViewSecretScanningAlerts permission + GH_Contains) |
| GH_CanWriteBranch | ✅ | [Repository - Computed] Role can push to this branch after evaluating branch protection rules, push restrictions, and bypass allowances |
| GH_CloseDiscussion | ❌ | [Repository] Repo role can close discussions |
| GH_CloseIssue | ❌ | [Repository] Repo role can close issues |
| GH_ClosePullRequest | ❌ | [Repository] Repo role can close pull requests |
| GH_Contains | ❌ | Container relationship for organizational hierarchy (org contains secrets/variables, repo contains secrets/variables, environment contains secrets/variables) |
| GH_ConvertIssuesToDiscussions | ❌ | [Repository] Repo role can convert issues to discussions |
| GH_CreateDiscussionCategory | ❌ | [Repository] Repo role can create discussion categories |
| GH_CreateRepository | ❌ | [Organization] Org role can create repositories in the organization |
| GH_CreateSoloMergeQueueEntry | ❌ | Repo role can create solo merge queue entries |
| GH_CreateTag | ❌ | [Repository] Repo role can create tags and releases |
| GH_CreateTeam | ❌ | [Organization] Org role can create teams in the organization |
| GH_DeleteAlertsCodeScanning | ❌ | [Repository] Repo role can delete code scanning alerts |
| GH_DeleteDiscussion | ❌ | [Repository] Repo role can delete discussions |
| GH_DeleteDiscussionComment | ❌ | [Repository] Repo role can delete discussion comments |
| GH_DeleteIssue | ❌ | [Repository] Repo role can delete issues |
| GH_DeleteTag | ❌ | [Repository] Repo role can delete tags and releases |
| GH_EditCategoryOnDiscussion | ❌ | [Repository] Repo role can change the category of a discussion |
| GH_EditDiscussionCategory | ❌ | [Repository] Repo role can edit discussion categories |
| GH_EditDiscussionComment | ❌ | [Repository] Repo role can edit discussion comments |
| GH_EditRepoAnnouncementBanners | ❌ | [Repository] Repo role can edit repository announcement banners |
| GH_EditRepoCustomPropertiesValues | ❌ | [Repository] Repo role can edit custom property values on the repository |
| GH_EditRepoMetadata | ❌ | [Repository] Repo role can edit repository metadata |
| GH_EditRepoProtections | ❌ | Repo role can edit branch protection rules |
| GH_HasBaseRole | ✅ | Role inherits permissions from another role |
| GH_HasBranch | ❌ | Repository has this branch |
| GH_HasEnvironment | ❌ | Repository or branch has/can deploy to this environment |
| GH_HasExternalIdentity | ❌ | SAML identity provider has this external identity |
| GH_HasPersonalAccessToken | ❌ | User owns this personal access token that has been granted access to the organization |
| GH_HasPersonalAccessTokenRequest | ❌ | User has a pending personal access token request for the organization |
| GH_HasRole | ✅ | User or team has a role assignment (org role, team role, or repo role) |
| GH_HasSamlIdentityProvider | ❌ | Organization has this SAML identity provider configured |
| GH_HasSecret | ✅ | Repository or environment has access to this secret |
| GH_HasVariable | ✅ | Repository has access to this variable (org-level or repo-level) |
| GH_HasWorkflow | ❌ | Repository has this workflow |
| GH_InstalledAs | ✅ | GitHub App is installed as this app installation on an organization |
| GH_InviteMember | ❌ | [Organization] Org role can invite members to the organization |
| GH_JumpMergeQueue | ❌ | Repo role can jump the merge queue |
| GH_ManageDeployKeys | ❌ | [Repository] Repo role can manage deploy keys |
| GH_ManageDiscussionBadges | ❌ | [Repository] Repo role can manage discussion badges |
| GH_ManageOrganizationWebhooks | ❌ | [Organization] Org role can manage organization webhooks |
| GH_ManageRepoSecurityProducts | ❌ | Repo role can manage repo-level security products |
| GH_ManageSecurityProducts | ❌ | Repo role can manage security products |
| GH_ManageSettingsMergeTypes | ❌ | [Repository] Repo role can manage allowed merge types |
| GH_ManageSettingsPages | ❌ | [Repository] Repo role can manage GitHub Pages settings |
| GH_ManageSettingsProjects | ❌ | [Repository] Repo role can manage project settings |
| GH_ManageSettingsWiki | ❌ | [Repository] Repo role can manage wiki settings |
| GH_ManageTopics | ❌ | [Repository] Repo role can manage repository topics |
| GH_ManageWebhooks | ❌ | [Repository] Repo role can manage repository webhooks |
| GH_MapsToUser | ❌ | External identity maps to a GitHub user or identity provider user |
| GH_MarkAsDuplicate | ❌ | [Repository] Repo role can mark issues or pull requests as duplicates |
| GH_MemberOf | ✅ | Team role is a member of a team, or team is a nested member of a parent team |
| GH_OrgBypassCodeScanningDismissalRequests | ❌ | [Organization] Org role can bypass code scanning dismissal requests |
| GH_OrgBypassSecretScanningClosureRequests | ❌ | [Organization] Org role can bypass secret scanning closure requests |
| GH_OrgReviewAndManageSecretScanningBypassRequests | ❌ | [Organization] Org role can review and manage secret scanning bypass requests |
| GH_OrgReviewAndManageSecretScanningClosureRequests | ❌ | [Organization] Org role can review and manage secret scanning closure requests |
| GH_Owns | ✅ | Organization owns a repository |
| GH_ProtectedBy | ❌ | Branch protection rule protects this branch |
| GH_PushProtectedBranch | ❌ | [Repository] Repo role can push to branches with push restrictions. Not affected by enforce_admins. |
| GH_ReadCodeScanning | ❌ | [Repository] Repo role can read code scanning results |
| GH_ReadOrganizationActionsUsageMetrics | ❌ | [Organization] Org role can read Actions usage metrics |
| GH_ReadOrganizationCustomOrgRole | ❌ | [Organization] Org role can read custom org role definitions |
| GH_ReadOrganizationCustomRepoRole | ❌ | [Organization] Org role can read custom repo role definitions |
| GH_ReadRepoContents | ❌ | [Repository] Repo role can read repository contents |
| GH_RemoveAssignee | ❌ | [Repository] Repo role can remove assignees from issues and pull requests |
| GH_RemoveLabel | ❌ | [Repository] Repo role can remove labels from issues and pull requests |
| GH_ReopenDiscussion | ❌ | [Repository] Repo role can reopen discussions |
| GH_ReopenIssue | ❌ | [Repository] Repo role can reopen closed issues |
| GH_ReopenPullRequest | ❌ | [Repository] Repo role can reopen closed pull requests |
| GH_RequestPrReview | ❌ | [Repository] Repo role can request pull request reviews |
| GH_ResolveDependabotAlerts | ❌ | [Repository] Repo role can resolve Dependabot alerts |
| GH_ResolveSecretScanningAlerts | ❌ | [Organization] Org role can resolve secret scanning alerts |
| GH_RestrictionsCanPush | ❌ | User or team is allowed to push to branches protected by this rule |
| GH_RunOrgMigration | ❌ | [Repository] Repo role can run organization migrations |
| GH_SetInteractionLimits | ❌ | [Repository] Repo role can set interaction limits on the repository |
| GH_SetIssueType | ❌ | [Repository] Repo role can set issue types |
| GH_SetMilestone | ❌ | [Repository] Repo role can set milestones on issues and pull requests |
| GH_SetSocialPreview | ❌ | [Repository] Repo role can set the repository social preview image |
| GH_SyncedTo | ✅ | External identity (Azure, Okta, PingOne) is synced to this GitHub user via SSO/SCIM |
| GH_ToggleDiscussionAnswer | ❌ | [Repository] Repo role can toggle discussion answers |
| GH_ToggleDiscussionCommentMinimize | ❌ | [Repository] Repo role can minimize discussion comments |
| GH_TransferRepository | ❌ | [Organization] Org role can transfer repositories |
| GH_ValidToken | ✅ | Secret scanning alert contains a valid, active token belonging to this user |
| GH_ViewDependabotAlerts | ❌ | [Repository] Repo role can view Dependabot alerts |
| GH_ViewSecretScanningAlerts | ❌ | [Repository] Role can view secret scanning alerts |
| GH_WriteCodeScanning | ❌ | [Repository] Repo role can upload code scanning results |
| GH_WriteOrganizationActionsSecrets | ❌ | [Organization] Org role can write Actions secrets |
| GH_WriteOrganizationActionsSettings | ❌ | [Organization] Org role can write Actions settings |
| GH_WriteOrganizationActionsVariables | ❌ | [Organization] Org role can write Actions variables |
| GH_WriteOrganizationCustomOrgRole | ✅ | [Organization] Org role can write custom org role definitions |
| GH_WriteOrganizationCustomRepoRole | ❌ | [Organization] Org role can write custom repo role definitions |
| GH_WriteOrganizationNetworkConfigurations | ❌ | [Organization] Org role can write network configurations |
| GH_WriteRepoContents | ❌ | [Repository] Repo role can write repository contents |
| GH_WriteRepoPullRequests | ❌ | [Repository] Repo role can create and merge pull requests |